CISA orders agencies to patch bugs exploited to drop spyware
- March 30, 2023
- 03:52 PM
- 0
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies today to patch security vulnerabilities exploited as zero-days in recent attacks to install commercial spyware on mobile devices.
The flaws in question were abused as part of several exploit chains in two separate highly-targeted campaigns targeting Android and iOS users, as Google's Threat Analysis Group (TAG) recently revealed.
In the first series of attacks spotted in November 2022, the threat actors used separate exploit chains to compromise iOS and Android devices.
One month later, a complex chain of multiple 0-days and n-days was exploited to target Samsung Android phones running up-to-date Samsung Internet Browser versions.
The end payload was a spyware suite for Android capable of decrypting and extracting data from numerous chat and browser apps.
Both campaigns were highly targeted, and the attackers "took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices," according to Google TAG's Clément Lecigne.
> Google TAG's discovery was prompted by findings shared by Amnesty International's Security Lab, which also published details regarding domains and infrastructure used in the attacks.
CISA has added today five of the ten vulnerabilities used in the two spyware campaigns to its Known Exploited Vulnerabilities (KEV) catalog:
- CVE-2021-30900 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
- CVE-2022-38181 Arm Mali GPU Kernel Driver Use-After-Free Vulnerability
- CVE-2023-0266 Linux Kernel Use-After-Free Vulnerability
- CVE-2022-3038 Google Chrome Use-After-Free Vulnerability
- CVE-2022-22706 Arm Mali GPU Kernel Driver Unspecified Vulnerability
> The cybersecurity agency gave Federal Civilian Executive Branch Agencies (FCEB) agencies three weeks, until April 20, to patch vulnerable mobile devices against potential attacks that would target these five security flaws.
According to the BOD 22-01 binding operational directive issued in November 2021, FCEB agencies must secure their networks against all bugs added to CISA's list of vulnerabilities known to be exploited in attacks.
While the BOD 22-01 directive only applies to FCEB agencies, CISA strongly urged today all organizations to prioritize packing these bugs to thwart exploitation attempts.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned.
-
Take Windows on the road with this refurbished Surface Laptop 2 deal
This refurbished Surface Laptop 2 can serve as your constant companion for $394.99, 12% off the $449 MSRP.
- APRIL 01, 2023
- 08:21 AM
- 0
-
DISH slapped with multiple lawsuits after ransomware cyber attack
Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day "network outage." The legal actions aim to recover losses faced by DISH investors who were adversely affected by what has been dubbed a "securities fraud."
- APRIL 01, 2023
- 06:39 AM
- 1
-
Twitter open-sources recommendation algorithm code
Twitter announced on Friday that it's open-sourcing the code behind the recommendation algorithm the platform uses to select the contents of the users' For You timeline.
- MARCH 31, 2023
- 04:02 PM
- 0
-
15 million public-facing services vulnerable to CISA KEV flaws
Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalog.
- MARCH 31, 2023
- 03:23 PM
- 0
-
Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs
Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites.
- MARCH 31, 2023
- 11:52 AM
- 0
-
10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.
- MARCH 31, 2023
- 10:38 AM
- 6
-
Consumer lender TMX discloses data breach impacting 4.8 million people
TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data of 4,822,580 customers.
- MARCH 31, 2023
- 10:18 AM
- 0
-
Build up your IT resume with this CompTIA training super bundle deal
CompTIA certification helps you keep your skills current and could help you advance your career. This 13-course bundle gets you started for $54.97, 98% off the $3887 MSRP, but only through the end of April 3rd.
- MARCH 31, 2023
- 07:17 AM
- 0
-
Winter Vivern hackers exploit Zimbra flaw to steal NATO emails
A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats.
- MARCH 30, 2023
- 05:56 PM
- 0
-
Microsoft OneNote will block 120 dangerous file extensions
Microsoft has shared more information on what types of malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware.
- MARCH 30, 2023
- 05:40 PM
- 5
-
Ukrainian cyberpolice busts fraud gang that stole $4.3 million
Ukraine's cyberpolice has arrested members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the EU.
- MARCH 30, 2023
- 04:29 PM
- 0
No comments:
Post a Comment